The Masterclass “How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis” has been accepted to Identiverse 2021 and virtually presented on Wednesday June 23rd, 3:30-4:20 PM CEST by Marco Pernpruner.
Here is the abstract of the masterclass:
When dealing with sensitive online services such as Public Administration, eHealth or eBanking, a proper and secure authentication is strictly required more than ever. However, the design of an authentication infrastructure must find a proper balance between the degree of security it attests and the level of usability it offers to the users: protocols requiring many complex steps may discourage users from accessing a service. Among all the authenticators that are currently spreading (especially in the European Union), eID cards are quite promising in this regard: they are issued by Governments after a careful check of the person’s identity, and are usually equipped with contactless chips featuring NFC and cryptographic capabilities enabling these documents to take part in sophisticated yet usable authentication solutions. Based on our experience with Italian eID cards in a joint project with the Italian Government Printing Office and Mint (Poligrafico e Zecca dello Stato Italiano), we will investigate how these can be used within authentication flows to enhance the overall security while keeping an adequate level of usability for different use case scenarios such as accessing Public Administration services and private enterprise services. We will also detail the methodology that we have developed to analyze the security and risks of such protocols, finally providing some examples of both basic and more complex attacks detected by the different levels of our analysis.
Related Publications
-
Francesco Alberti, Silvio Ghilardi, Elena Pagani, Silvio Ranise, Gian Paolo Rossi
Brief Announcement: Automated Support for the Design and Validation of Fault Tolerant Parameterized Systems - A Case Study
In: 24th International Symposium on Distributed Computing (DISC 2010) (DOI)
